A woman sits on the floor, looking at her computer screen displaying a ransomware demand.

LockBit Ransomware Attacks, 20-Year-Old Russian Arrested In Arizona

LockBit ransomware allegedly deployed by Russian national Ruslan Magomedovich Astamirov led to his arrest in Arizona. He was charged by the U.S. Justice Department for targeting victims’ networks both in the United States and overseas.

A total of five American and foreign companies have been reported that they have been targeted by Ruslan Astamirov, who is alleged to have used LockBit ransomware as a service. The prosecutor’s office in New Jersey, USA, has now charged a third Russian-related person for their claimed role in the LockBit ransomware execution.

The attacker illegally carried out LockBit ransomware attacks between August 2020 and March 2023, according to the prosecution complaint. He was involved in a broad scam that prompted a release of tens of millions of dollars from over 1,400 victims.

According to US Department of Justice (DOJ):

Astamirov allegedly participated in a conspiracy with other members of the LockBit ransomware campaign to commit wire fraud and to intentionally damage protected computers and make ransom demands through the use and deployment of ransomware. Specifically, Astamirov directly executed at least five attacks against victim computer systems in the United States and abroad.

Law enforcement was able to trace a certain amount of a victim’s ransom payment to Astamirov’s virtual currency address. If found guilty, the accused person may spend up to 20 years behind bars for the first fraud and just five years for the second.

Additionally, the crimes are punishable by fines of up to $250,000 or double the gain or loss from the violation, which is larger.

LockBit Resists for 3 Years Third U.S. Charge Since November

LockBit ransomware has been at the centre of several attacks where it has held businesses and government agencies ransom. These LockBit-driven operations are far from uncommon; according to the US Department of Homeland Security, they account for 16% of all ransomware attacks targeting regional and municipal agencies.

The US Justice Department has now filed charges against Astamirov, the third person associated with LockBit to do so in the previous seven months. The DOJ made public the criminal charges against Mikhail Vasiliev as of November 2022 in preparation for his arrest to the US from Canadian imprisonment.

According to District of New Jersey U.S. Attorney Philip R. Sellinger:

The LockBit conspirators and any other ransomware perpetrators cannot hide behind imagined online anonymity. We will continue to work tirelessly with all our law enforcement partners to identify ransomware perpetrators and bring them to justice.

According to the lawsuit, at least one victim paid $700,000 in total. The lawsuit states that when one victim refused to pay ransom, Astamirov uploaded their data to LockBit’s public server.

In Russian-language cybercrime forums in January 2020, LockBit initially made itself public. It belongs to the class of illegal strategies and tools known as ransomware as a service (RaaS).

A devoted group of software developers creates and maintains malware that is meant to spread business or home computer systems in the ransomware as a service (RaaS) structure. End users, who are often cybercriminals, buy this software and use it against business networks. These users then pay the technical team in charge of running LockBit a fixed fee or a percentage of their illegally obtained earnings.

According to a joint advice issued on Wednesday by U.S. and foreign cybersecurity groups, this ransomware organisation has been successful in extorting almost $91 million from American businesses. Since 2020, these groups have been the focus of almost 1,700 attacks.

It is recommended that anyone who have been affected by the LockBit ransomware get in touch with the local FBI field office and visit StopRansomware for more information. Keep in mind that a criminal complaint is only an accusation. Until their guilt is clearly proved by a court of law, all accused persons are regarded as innocent.

Successful ransomware attacks are most often preceded by phishing emails. Help your colleagues keep a security-first mindset and boost your human firewall by starting your Phishing Tackle security awareness training today with our two-week free trial

Recent posts